This commit is contained in:
François 2022-02-19 08:43:14 +01:00
parent 77c1bb84bd
commit dbe0e45525
2 changed files with 81 additions and 129 deletions

View File

@ -3,9 +3,14 @@
* Kaz addon (see https://git.kaz.bzh/KAZ/depollueur for information)
* create un archive for a set of file or update file deadline
a.php?u=month&h=HHHHHHHH => deadline
a.php?r=email => track
a.php?p=email => period
a.php?u=month&h=HHHHHHHH => update deadline
a.php?g=l~k => zip
a.php?s=mel@domain.org => send status e-mail
a.php?time=month&key=password + POST file => upload
a.php?s=mel@domain.org => form
a.php?s=mel@domain.org&t=password + [action] => manage account
action: a=login a=logout a=r[on|off] a=p[minute|hour|day|week|month|quarter]
*/
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
@ -62,7 +67,7 @@ define ('M_SEND_TOKEN', "Vous allez recevoir un lien d'accès temporaire &
define ('M_INCONSISTENT_DATES',
" (dates incohéantes avec ___FILENAME___ : ___DIRTIME___ != ___FILETIME___)");
define ('A_ACTION', 'a'); // action : T_SEND, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter)
define ('A_ACTION', 'a'); // action : T_LOGIN, T_LOGOUT, A_RECORD+(on|off), A_PERIOD(minute|hour|day|week|month|quarter)
define ('A_GET', 'g'); // get archive
define ('A_HASH', 'h'); // file to update or delete
define ('A_OPEN_TOKEN', 'o'); // ask token
@ -85,8 +90,8 @@ define ('T_SIGN', 'sign');
define ('T_NOT_FOUND', 'not_found');
define ('T_OLD', 'old');
define ('T_RENAME', 'rename');
define ('T_SEND', 'send');
define ('T_LOGOUT', 'lougout');
define ('T_LOGIN', 'login');
define ('T_LOGOUT', 'logout');
define ('T_SENDER', 'sender');
define ('T_TIME', 'time');
define ('T_ID', 'id');
@ -113,6 +118,31 @@ $message = '';
/* Remove errors. */
@error_reporting (0);
// ========================================
if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
returnError (M_BAD_SENDER_NAME);
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
echo $content;
exit;
}
// ========================================
if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD]))
returnError (M_BAD_SENDER_NAME);
$content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
echo $content;
exit;
}
// ========================================
$doUpdate = false;
if (isset ($_REQUEST [A_UPDATE]) && !empty ($_REQUEST [A_UPDATE])) {
$doUpdate = true;
@ -211,27 +241,46 @@ function period2seconds ($periodName) {
}
// ========================================
function setSenderFake ($error, $sender, $owner, $dirLink, $dirTime, $fileName, $fileTime) {
if (!$sender)
return;
function setSenderFake ($error, $sender, $owner, $dirLink, $fileLink) {
global $doLogout;
if (!file_exists (VAR_FAKE))
mkdir (VAR_FAKE, 0755);
file_put_contents (VAR_FAKE.$sender,
$dirTime = $fileTime = $fileName = $fileType = $ip = '';
if (count ($dirLink) != 0) {
$dirTime = $dirLink ['upload_date'].date (" Y-m-d H:i:s", $dirLink ['upload_date']);
$ip = $dirLink ['ip'];
}
if (!$sender)
return;
if (count ($fileLink) != 0) {
$fileTime = $fileLink ['upload_date'].date (" Y-m-d H:i:s", $fileLink ['upload_date']);
$fileName = $link ['file_name'];
$fileType = $link ['mime_type'];
}
$content =
"time : ".time ().NL.
"date : ".date ("Y-m-d H:i:s").NL.
"error : ".$error.NL.
"sender: ".$sender.NL.
"owner: ".$owner.NL.
"dirLink: ".$dirLink.NL.
"sender : <".$sender.">".NL.
"owner : <".$owner.">".NL.
"dirLink : <".$dirLink.">".NL.
"dirTime : ".$dirTime.NL.
"fileTime: ".$fileTime.NL);
"fileName: ".$fileName.NL.
rmToken ($sender);
"dirIp : ".$ip.NL.
"fileTime: ".$fileTime.NL.
"fileType: <".$fileType.">".NL.
"fileName: <".$fileName.">".NL;
$log = $ip.$sender;
if ($log)
file_put_contents (VAR_FAKE.$log, $content);
// $doLogout = true;
// rmToken ($sender);
}
function getSenderFake ($sender) {
if (!$sender)
return;
return file_exists (VAR_FAKE.$sender);
return false;
// return $sender && file_exists (VAR_FAKE.$sender);
}
// ========================================
@ -594,7 +643,7 @@ if ($doDownload) {
if (false) {
// log
// debug
$message .= print_r ($archiveInfo, 1);
$message .= print_r ($archiveContent, 1);
@ -622,30 +671,6 @@ if ($doDownload) {
exit;
}
// ========================================
if (isset ($_REQUEST [A_RECORD]) && !empty ($_REQUEST [A_RECORD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_RECORD]))
returnError (M_BAD_SENDER_NAME);
$content = getSenderTrack ($_REQUEST [A_RECORD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
echo $content;
exit;
}
// ========================================
if (isset ($_REQUEST [A_PERIOD]) && !empty ($_REQUEST [A_PERIOD])) {
if (!preg_match ("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/i", $_REQUEST [A_PERIOD]))
returnError (M_BAD_SENDER_NAME);
$content = getSenderPeriod ($_REQUEST [A_PERIOD]).NL;
header ('HTTP/1.0 200 OK');
header ('Content-Length: ' . strlen ($content));
header ('Content-Type: text/plain');
echo $content;
exit;
}
// ========================================
// form
$token = '';
@ -657,7 +682,7 @@ if (isset ($_REQUEST [A_TOKEN]) && !empty ($_REQUEST [A_TOKEN])) {
$refToken = getToken ($sender);
$urlBase = $_SERVER ['HTTP_X_FORWARDED_PROTO']."://".$_SERVER ['HTTP_HOST'];
if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_SEND && $sender) {
if (isset ($_REQUEST [A_ACTION]) && $_REQUEST [A_ACTION] == T_LOGIN && $sender) {
require (JIRAFEAU_ROOT . 'lib/template/header.php');
if (getSenderFake ($sender))
echo "Ce compte ne peut plus se connecter. Veuillez contacter les administrateurs.";
@ -707,7 +732,7 @@ if (! ($sender && $token && $token == $refToken &&
</tr>
<tr class="nav">
<td class="nav next">
<input type="hidden" name="<?php echo A_ACTION; ?>" value="<?php echo T_SEND; ?>" />
<input type="hidden" name="<?php echo A_ACTION; ?>" value="<?php echo T_LOGIN; ?>" />
<input type="submit" value="<?php echo M_SEND; ?>" />
</td>
</tr>
@ -739,9 +764,8 @@ function deleteAction ($linkName) {
if (! count ($archiveInfo))
return;
if ($sender != $archiveInfo [T_SENDER]) {
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, null, null);
setSenderFake ("rmdir: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, null);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire";
$doLogout = true;
return;
}
$fileToDelete = false;
@ -752,11 +776,10 @@ function deleteAction ($linkName) {
continue;
$fileTime = $fileLink ['upload_date'];
if (! valideTime ($dirTime, $fileTime)) {
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime);
setSenderFake ("rmdir: newfile not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
//$doLogout = true;
return;
}
$fileToDelete = true;
@ -827,22 +850,20 @@ function deleteAction ($linkName) {
$message .= ".";
break;
}
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime);
setSenderFake ("rm: dir not same time", $sender, null, $dirLink, $fileLink);
$message .= "Cet envoi a &eacute;t&eacute; forg&eacute;e. ".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
//$dologout = true;
break;
}
if (valideTime ($dirTime, $fileTime)) {
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $dirTime, $fileLink ['file_name'], $fileTime);
setSenderFake ("rm: not owner", $sender, $archiveInfo [T_SENDER], $dirLink, $fileLink);
$message .= "Tentative de supprimer un envoi dont vous n'&ecirc;tes pas le propri&eacute;taire.".
str_replace (["___FILENAME___", "___DIRTIME___", "___FILETIME___"],
[$fileLink ['file_name'], $dirTime , $fileTime], M_INCONSISTENT_DATES);
//$doLogout = true;
break;
}
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $dirTime, $fileLink ['file_name'], $fileTime);
setSenderFake ("rm: find not owner", $archiveInfo [T_SENDER], $sender, $dirLink, $fileLink);
$message .= "Quelqu'un av&eacute;tait revandiqu&eacute; cet envoi. (".$sender." != ".$archiveInfo [T_SENDER].")";
break;
}
@ -1087,72 +1108,3 @@ require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
// ========================================
// // $count = count ($lines)-1;
// // $content = '';
// // for ($i = 0; $i < $count; $i++)
// // $content .= $lines [$i];
// // if (isset ($archive [T_SIGN]) && $archive [T_SIGN] == md5 ($content))
// // return $archive;
// // $message .= "bad signature <pre>".print_r ($lines, 1)."</pre>";
// // return [];
// function getSecret () {
// if (!file_exists (VAR_PRIVATE."secret")) {
// mkdir (VAR_PERIOD, 0700);
// for ($s = '', $i = 0, $z = strlen ($a = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789')-1;
// $i != 32;
// $x = rand (0, $z), $s .= $a{$x}, $i++);
// file_put_contents (VAR_PRIVATE."secret", $s.NL);
// }
// return trim (file (VAR_PERIOD."secret"));
// }
// function crea-teArchive ($archive, $key, $maxtime, $ip) {
// if (!count ($archive))
// return;
// $content = T_ID.': '.time ();
// if (isset ($archive [T_TIME]))
// $content .= "time: ".$archive [T_TIME].NL;
// if (isset ($archive [T_SENDER]))
// $content .= "src: ".$archive [T_SENDER].NL;
// foreach ([T_OLD, T_NEW] as $cat)
// if (isset ($archiveInfo [$cat]))
// foreach ($archiveInfo [$cat] as [$linkName, $cryptKey])
// $content .= $cat.": ".$linkName." ".$cryptKey;
// $content .= T_SIGN.": ".md5 ($content).NL;
// $tmpFileName = tempnam (sys_get_temp_dir (), date ("newArchive-Ymd-H:i:s")."-");
// file_put_contents ($tmpFileName, $content);
// $file ['name'] = $tmpFileName;
// $file ['tmp_name'] = T_ARCHIVE_TITLE;
// $file ['error'] = UPLOAD_ERR_OK;
// $file ['type'] = T_ARCHIVE_MIME;
// $file ['size'] = filesize ($file ['tmp_name']);
// $res = jirafeau_upload (
// $file,
// false,
// $key,
// $maxtime,
// $ip,
// $cfg ['enable_crypt'],
// $cfg ['link_name_length'],
// $cfg ['file_hash']
// );
// unlink ($tmpFileName);
// }
// function checkNewArchive ($archive) {
// if (isset ($archiveInfo [T_NEW]))
// foreach ($archiveInfo [T_NEW] as [$fileName, $cryptKey]) {
// $fileLink = jirafeau_get_link ($fileName);
// if (! count ($link))
// return false;
// //upload_date
// }
// // all new never download
// // all new mtime < 60s
// }
// function checkReadArchive ($archive) {
// // md5
// }
?>

View File

@ -105,7 +105,7 @@ mkdir -p "${REP_PIECE_JOINTE}/"
>"${ARCHIVE_CONTENT}"
# Etape de rafraichissement des anciens fichiers inclus
echo -e "time: ${DATE_TEMPS}\nid: $(date +%s)" > "${ARCHIVE_CONTENT}"
echo "time: ${DATE_TEMPS}\nid: $(date +%s)" > "${ARCHIVE_CONTENT}"
[ -n "${TRACK}" ] && echo "sender: ${MAIL_SOURCE}" >> "${ARCHIVE_CONTENT}"
LOG_FIC "${SHRINK_CMD} -u \"${INSPECT_DIR}/in.$$\" 2>> \"${FIC_LOG}\" > \"${OLD_LINKS}\""
@ -163,7 +163,7 @@ LOG_FIC "${SHRINK_CMD} -s ${MAX_KEEP_IN_MAIL} -d ${REP_PIECE_JOINTE} ${INSPECT_D
done
# Création de l'archive
NB_ATTACH=$(grep -e "^old: " -e "^new: " "${ARCHIVE_CONTENT}" | wc -l)
if [ -n "${TRACK}" ] || [ "${NB_ATTACH}" -gt 1 ]; then
if [ \( -n "${TRACK}" -a "${NB_ATTACH}" -gt 0 \) -o "${NB_ATTACH}" -gt 1 ]; then
PASSWORD=$(apg -n 1 -m 12)
PASSWORD_MD5=$(echo -n ${PASSWORD} | ${MD5_CMD} | cut -d \ -f 1)
LOG_FIC " - \"${JIRAFEAU_CMD}\" -f \"${JIRAFEAU_LOCAL}\" -s \"${MAX_UPLOAD_SIZE}\" -c \"${ARCHIVE_MIME}\" -n \"${ARCHIVE_TITLE}\" send \"${ARCHIVE_CONTENT}\" \"${PASSWORD}\" 2>> \"${FIC_LOG}\" > \"${ONE_LINK}\""